Restream a mp3 stream over https with ssl - amazon-web-services

I need to restream several existing mp3 streams over https.
I have a current stream with the url :
http://cdn.stream.com/radio.mp3
and I would like to have it as :
https://cdn.newstream.com/radio.mp3
I have seen several solutions such as :
rebuild my own cast with icecast
nginx proxy
stunnel
cloudfront (could be expensive)
or a paid service : https://www.autopo.st/secure-streams/
But couldn't find a simple tutorial with a cheap solution using AWS.
Is there any way to secure an existing stream in a cheap way using AWS ?
Thanks,

If you are running Debian or Ubuntu, just install Icecast from the official Xiph.org repositories:
https://wiki.xiph.org/Icecast_Server/Installing_latest_version_(official_Xiph_repositories)
It has TLS support built in.
The certificate needs to be provided as a combined file, with both public and private key in the same file. In the case of Let's Encrypt, some ACME clients can natively produce that sort of output.
As you don't specify if you control the origin server or need to relay an external server, I won't venture into further explanations; please clarify your question if you need specific aspects covered.

With the help of a freelancer, here is what I ended up doing.
I registered a domain mydomain.com and pointed it to an Ubuntu machine hosted at Hetzner to get good value for money on network traffic.
So mydomain.com is pointing to the IP of the server, 130.130.130.130.
Run this on the machine:
cd /usr/local/bin
wget https://www.dropbox.com/s/lnk9mriccwydhow/caddy
chown root:root /usr/local/bin/caddy
chmod 755 /usr/local/bin/caddy
setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy
groupadd -g 33 www-data
useradd -g www-data --no-user-group --home-dir /var/www --no-create-home --shell /usr/sbin/nologin --system --uid 33 www-data
mkdir /etc/caddy
chown -R root:www-data /etc/caddy
mkdir /etc/ssl/caddy
chown -R root:www-data /etc/ssl/caddy
chmod 0770 /etc/ssl/caddy
wget https://raw.githubusercontent.com/mholt/caddy/master/dist/init/linux-systemd/caddy.service
cp caddy.service /etc/systemd/system/
chown root:root /etc/systemd/system/caddy.service
chmod 644 /etc/systemd/system/caddy.service
systemctl daemon-reload
systemctl start caddy.service
Create the file /etc/caddy/Caddyfile with this content:
securedStream.mydomain.com {
    proxy / http://originStream.com
}
Then run these to enable Caddy at boot, start it and check its status:
systemctl enable caddy
systemctl start caddy
systemctl status caddy
Then access https://securedStream.mydomain.com/
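The steps above install a binary fetched from a file-sharing link and then grant it a capability with setcap. As an added example (not part of the original answer), these shell functions refuse to install a download unless its SHA-256 matches a digest obtained separately; the function names and the placeholder digest are assumptions.

```shell
#!/bin/sh
# Added example: install a downloaded binary only if its SHA-256 matches
# a digest obtained from a trusted, separate channel.

# Print the hex SHA-256 of file $1 (sha256sum on Linux, shasum elsewhere).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# $1 = downloaded file, $2 = expected hex digest (lowercase), $3 = destination
install_verified() {
    actual=$(sha256_of "$1") || return 1
    if [ "$actual" != "$2" ]; then
        echo "digest mismatch for $1: got $actual" >&2
        return 1
    fi
    # Copy under a temporary name first so a failed copy never leaves
    # a partial binary at the destination.
    cp "$1" "$3.new" && chmod 755 "$3.new" && mv "$3.new" "$3"
}

# Usage with placeholders (take the real digest from the project's release page):
#   wget -O /tmp/caddy <DOWNLOAD_URL>
#   install_verified /tmp/caddy <EXPECTED_SHA256> /usr/local/bin/caddy \
#     && setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy
```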

Related

Why start script is not working to display Hello World in AWS EC2 instance

What is the issue with below script?
I cannot access the site and shows me "This site can’t be reached" error
#!/bin/bash
# Use this for your user data (script from top to bottom)
# install httpd (Linux 2 version)
yum update -y
yum install -y httpd.service
systemctl start httpd.service
systemctl enable httpd
echo "<h1>Hello World from $(hostname -f)</h1>" > /var/www/html/index.html
The correct UserData is (you have also space at the very beginning):
#!/bin/bash
# Use this for your user data (script from top to bottom)
# install httpd (Linux 2 version)
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
echo "<h1>Hello World from $(hostname -f)</h1>" > /var/www/html/index.html
You will also need to make sure that the instance is in a public subnet, has public IP and its security group allow connections to port 80.
Thank you all for response.
I don't know much about Linux commands. But I did terminate the instance and created it again with the below user data and found it working. The same user data was used earlier also but didn't work. I also set inbound rules to allow public IP with port 80. But it didn't work.
So finally I did terminate and recreate instance which is working.
#!/bin/bash
# install httpd (Linux 2 version)
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
echo "<h1>Hello World from $(hostname -f)</h1>" > /var/www/html/index.html
Most modern browsers will automatically redirect HTTP traffic to HTTPS and hide the protocol. When doing a simple test like this where you won't be using HTTPS due to not having a certificate, it might be required to manually edit the URL to force it back to HTTP. This was my issue.
Thus if you put your cursor in the URL bar
change that to
now you get
Also, instead of the browser you can use a command line tool like curl and skip the HTTPS redirect issue.

Initiate EC2 instance with pack of commands

Is there a way to start AWS EC2 instance with pack of commands?
So I'm creating a new instance and the thing I want to achieve is to run some Linux commands automatically after starting it, without connecting to the machine and typing those commands manually.
This is exactly the purpose of UserData.
You would list your script (bash for Linux, or PowerShell for Windows); this will then run the first time the instance runs.
An example user data taken from the documentation to perform the setup of a web server is below.
#!/bin/bash
yum update -y
amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
yum install -y httpd mariadb-server
systemctl start httpd
systemctl enable httpd
usermod -a -G apache ec2-user
chown -R ec2-user:apache /var/www
chmod 2775 /var/www
find /var/www -type d -exec chmod 2775 {} \;
find /var/www -type f -exec chmod 0664 {} \;
echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php
In the event you need to debug, take a look at the /var/log/cloud-init-output.log log once the instance has launched.
However, if there are a larger number of steps it might be preferable to create a pre-baked AMI which involves setting up a blank server with all the necessary services and configuration using a tool such as Ansible, Chef or Puppet.

After running permission commands AWS giving 503 error

In an AWS EC2 instance, 2 applications are running: one is a Django app and the other a React app. I ran these two commands to give read/write permissions on FileZilla.
sudo chown -R ubuntu:ubuntu /var/www/html
sudo chmod -R 755 /var/www/html
I ran them successfully and also changed files for the React app through FileZilla, but the Django app was affected after running these 2 commands and throws a 503 error.
what I'm getting on opening url
How can I troubleshoot AWS for this error?
Have you tried with:
sudo chown -R ubuntu:www-data .
When you're inside html folder?
That worked for me. (Made a clean install of Apache2 and PHP and got a 503 error every time until this.)

How to create stun turn server instance using AWS EC2

Actually I want to use my own STUN/TURN server instance and I want to use Amazon EC2. If anybody has any idea regarding this, please share with me the steps to create it or any reference link to follow.
Do an SSH login to your EC2 instance, then run the commands below to install and start the TURN server.
Simple way:
sudo apt-get install coturn
If you say no, I want the latest cutting edge, you can download the source code from their downloads page and install it yourself, for example:
sudo -i # ignore if you are already in admin mode
apt-get update && apt-get install libssl-dev libevent-dev libhiredis-dev make -y # install the dependencies
wget -O turn.tar.gz http://turnserver.open-sys.org/downloads/v4.5.0.3/turnserver-4.5.0.3.tar.gz # Download the source tar
tar -zxvf turn.tar.gz # unzip
cd turnserver-*
./configure
make && make install
Sample command for running the TURN server:
turnserver -a -o -v -n -u user:root -p 3478 -L INT_IP -r someRealm -X EXT_IP/INT_IP --no-dtls --no-tls
Command description:
-X - your amazon instance's external IP, internal IP: EXT_IP/INT_IP
-p - port to be used, default 3478
-a - Use long-term credentials mechanism
-o - Run server process as daemon
-v - 'Moderate' verbose mode.
-n - no configuration file
--no-dtls - Do not start DTLS listeners
--no-tls - Do not start TLS listeners
-u - user credentials to be used
-r - default realm to be used, need for TURN REST API
In your WebRTC app, you can use the TURN server like:
{
    url: 'turn:user@EXT_IP:3478',
    credential: 'root'
}
One method to install a turnserver on Amazon EC2 would be to choose Debian and to install the coturn package, which is the successor of the RFC5766-server.
The configuration file at /etc/turnserver.conf includes EC2 specific instructions. The information provided within this file is very exhaustive in general and should answer the majority of configuration questions.
Once configured, the coturn server can be stopped and started however you would any other service.
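The sample command in the first answer starts the server with one static `-u user:root` credential that every client shares. As an added example (not from either answer), the shell functions below produce and check time-limited credentials in the TURN REST API scheme; this assumes coturn is started with `--use-auth-secret` and `--static-auth-secret` instead of `-u`, and the secret and user id shown are constructed.

```shell
#!/bin/sh
# Added example: time-limited TURN credentials (TURN REST API scheme).
# The shared secret must equal coturn's --static-auth-secret value.

# credential = base64(HMAC-SHA1(secret, username))
turn_password() {   # $1 = shared secret, $2 = username
    printf '%s' "$2" | openssl dgst -sha1 -hmac "$1" -binary | openssl base64 -A
}

# username = "<unix expiry time>:<user id>"
turn_username() {   # $1 = user id, $2 = lifetime in seconds, $3 = current unix time
    printf '%s:%s' "$(( $3 + $2 ))" "$1"
}

# Server-side view: the expiry must be numeric and in the future,
# and the credential must match the recomputed HMAC.
turn_verify() {     # $1 = secret, $2 = username, $3 = credential, $4 = current unix time
    expiry=${2%%:*}
    case $expiry in ''|*[!0-9]*) return 1 ;; esac
    [ "$expiry" -gt "$4" ] || return 1
    [ "$(turn_password "$1" "$2")" = "$3" ]
}

# Demo with constructed values: a credential valid for one hour.
SECRET='constructed-demo-secret'
U=$(turn_username alice 3600 "$(date +%s)")
printf 'username=%s credential=%s\n' "$U" "$(turn_password "$SECRET" "$U")"
```

Passing the secret on an openssl command line exposes it in the process list, so on a shared host compute the HMAC inside the application backend that hands credentials to the WebRTC client.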

Amazon AWS Filezilla transfer permission denied

I have my instance of the Amazon AWS running, test page is up.
I am trying to SFTP the files to the server to display my website. I have Filezilla connected to the AWS server but when I try to move the files from my local machine to the /var/www/html directory, it says permission denied.
I just figured out I CAN move the files to the /home/ec2-user directory. So my files are on the server I guess. But when I try to move them from there to the /var/www/html directory, it still won't move them, permission denied.
I've been researching this for approximately 2 hours now but I haven't been able to locate the answer to this.
Any help is greatly appreciated, I'm so close! Haha
Thanks
UPDATE
To allow user ec2-user (Amazon AWS) write access to the public web directory (/var/www/html),
enter this command via Putty or Terminal, as the root user sudo:
sudo chown -R ec2-user /var/www/html
Make sure permissions on that entire folder were correct:
sudo chmod -R 755 /var/www/html
Docs:
Setting up amazon ec2-instances
Connect to Amazon EC2 file directory using Filezilla and SFTP (Video)
Understanding and Using File Permissions
If you are using CentOS then use
sudo chown -R centos:centos /var/www/html
sudo chmod -R 755 /var/www/html
For Ubuntu
sudo chown -R ubuntu:ubuntu /var/www/html
sudo chmod -R 755 /var/www/html
For Amazon AMI
sudo chown -R ec2-user:ec2-user /var/www/html
sudo chmod -R 755 /var/www/html
In my case the /var/www/html is not a directory but a symbolic link to the /var/app/current, so you should change the real directory, i.e. /var/app/current:
sudo chown -R ec2-user /var/app/current
sudo chmod -R 755 /var/app/current
I hope this saves you some time :)
If you're using Ubuntu then use the following:
sudo chown -R ubuntu /var/www/html
sudo chmod -R 755 /var/www/html
This works best, everyone
chmod ugo+rwx your-folder
https://help.ubuntu.com/community/FilePermissions
In my case, after 30 minutes of changing permissions, I realized that the XLSX file I was trying to transfer was still open in Excel.
For me, the below worked:
chown -R ftpusername /var/app/current
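The answers above apply one mode recursively to the web root (755, or rwx for everyone), and one notes that /var/www/html can be a symlink to the real directory. As an added example (not from any of the answers), these shell functions resolve the real web root, list anything world-writable under it, and set directories and files to separate modes; the function names and the 755/644 choice are assumptions.

```shell
#!/bin/sh
# Added example: audit and tighten a web root without one blanket mode.

# Resolve the real directory behind a web root that may be a symlink,
# e.g. /var/www/html -> /var/app/current.
resolve_webroot() {
    (cd -P "$1" 2>/dev/null && pwd -P)
}

# List files and directories that every local user can write to.
list_world_writable() {
    root=$(resolve_webroot "$1") || return 1
    find "$root" \( -type f -o -type d \) -perm -0002 -print
}

# Directories need the execute bit to be traversed; regular files do not,
# so they get 644 instead of the 755 a recursive chmod would give them.
tighten_webroot() {
    root=$(resolve_webroot "$1") || return 1
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
}
```

Files that must stay executable (CGI scripts) or writable by the web server's group need their own rule after `tighten_webroot` runs.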